[57] ABSTRACT

A cryptographic apparatus comprises a linear feedback shift register for providing a pseudo-random code, coupled to a ciphering device, which is in turn coupled to an adder. The ciphering device encrypts the pseudo-random code. One adder circuit input is coupled to a ciphering device, and the other adder circuit input is coupled to the data input. The adder circuit adds data input signals to ciphering device signals to provide output signals. A method for operation of a ciphering engine is described comprising the steps of providing a random number and setting tap weights for a linear feedback shift register, obtaining a pseudo-random bit stream therefrom, and then encrypting the pseudo-random bit stream to generate a traffic key stream. The traffic key stream is added to a data stream to produce encrypted data from plain-text data or, alternatively, the traffic key stream is added to an encrypted data stream to produce plain-text data.

19 Claims, 3 Drawing Sheets

METHOD AND APPARATUS FOR DATA ENCRYPTION OR DECRYPTION

FIELD OF THE INVENTION

The present invention concerns an improved method and apparatus for secure communication and, more particularly, for error reduction in cipher systems employing the Federal Information Processing Standards Data Encryption Standard and similar ciphering techniques.

BACKGROUND OF THE INVENTION

The present invention pertains to data encryption algorithms, as for example, the Data Encryption Standard (DES), as described in Federal Information Processing Standards Publications FIPS 46-1, "Data Encryption Standard", and FIPS 81, "DES Modes of Operation", both published by the United States Department of Commerce. The latter describes four different techniques approved for employing the Data Encryption Standard; each of these techniques operates in both an Encrypt and a Decrypt mode for performing the desired encryption and corresponding decryption functions. These techniques are the electronic code book mode, the cipher block chaining mode, and the cipher and output feedback modes. These ciphering methods operate in either a block mode or a stream mode. A brief summary of these techniques follows.

The electronic code book mode is one in which 64 bit blocks of input data are successively and independently processed, such that an error in one bit of a given block of encrypted data, due, for example, to corruption in data transmission and reception, results in error rates approximating fifty percent in decrypting the particular data block affected by the error and does not affect the error rate in decrypting other encrypted data blocks.

The cipher block chaining mode is one in which the first input data block is exclusive-ORed with an initialization vector, also known as a traffic key or as a traffic variable, and the resultant data block is input to a DES-compliant ciphering device. The output data are transmitted as the first block of cipher-text and are also exclusive-ORed with the second input data block. The result of the exclusive-OR operation is input to a DES-compliant ciphering device. The encrypted output data are then transmitted as the second output data block and additionally are exclusive-ORed with the third input data block. This chaining procedure continues throughout the enciphering process and a similar procedure applies for deciphering the resultant cipher-text. A single error in one bit of a given block of encrypted data in the cipher block chaining mode results in corruption of the data block containing the single bit error and suc-

In the cipher feedback mode, an integral number K of cipher-text output bits are placed to one side of the DES-compliant ciphering device input data buffer. K bits of input data are exclusive-ORed with the DES-compliant ciphering device output data block to produce cipher-text. An inverse arrangement at the receiver decrypts the cipher-text blocks to recover a decrypted plain-text message. Both the encryption and decryption operations utilize the data encryption algorithm in the encrypt mode, however, the decrypt mode can be employed as an alternative. In the cipher feedback mode of operation, a single bit error in the cipher-text results in corruption of that data block in exactly the same place where the error occurred and the succeeding data block will have a fifty percent probability of error for any given bit.

Block data ciphering techniques have inherent advantages over stream modes in that the block boundaries permit re-synchronization in the event that a bit is added to or subtracted from the data during transmission and reception. This re-synchronization property is known as "self-synchronization". Ciphering techniques which rely on stream encryption/decryption modes cannot re-synchronize and so require re-initialization of communication when synchronization is lost. This causes block data ciphering techniques to be greatly preferred for practical system applications, in spite of substantially greater data corruption occurring for each bit which is in error than is the case for some stream ciphering techniques.

A point of weakness of the above described prior art is that single bit errors in transmission or reception of the encrypted data stream cause multiple bit errors in the decrypted data stream. This property of error extension makes it very difficult to use > ^ ^ DJf , noisy environments.

What is needed is a block mode method for data encryption, transmission, reception and decryption which includes the integrity of the Federal Data Encryption Standard, and yet which provides minimal errors in the decrypted text for each error occurring in transmission and/or reception of the encrypted data stream, i.e., little or no error extension.

SUMMARY OF THE INVENTION

A cryptographic apparatus comprises a linear feedback shift register for providing a pseudo-random code coupled to a ciphering device and a bit stream combiner. The ciphering device encrypts the pseudo-random code from the linear feedback shift register. A data input for accepting an input digital message and a data output for providing an output digital message are coupled to the bit stream combiner, as for example, an adder circuit. One input of the adder circuit is coupled to the Data Encryption Standard ciphering device, and the other input of the adder circuit is coupled to the data input, with the output of the adder circuit coupled to the data output. The circuit adds signals from the data input to signals from the ciphering device to provide output signals to the data output.

It is desirable but not essential that the circuit for adding signals from the data input to signals from the ciphering device comprise an exclusive-OR gate.

A method for operation of a ciphering engine is described which comprises the steps of providing a random number and tap weights to a linear feedback shift register, using the linear feedback shift register to obtain a pseudo-random bit stream and then generating a traffic key stream from the pseudo-random bit stream by encrypting the pseudo-random bit stream. The traffic key stream is added to a data stream to produce encrypted data from plain-text data or, alternatively, the traffic key stream is added to an encrypted data stream to produce plain-text data.

The above and other features and advantages of the present invention will be better understood from the following detailed description taken in conjunction with the accompanying drawings.

BRIEF DESCRIPTION OF THE DRAWING 

FIG. 1 (prior art) is a block diagram of a linear feedback shift register;

FIG. 2 is a schematic diagram of a secure communications link; and

FIG. 3 is a flow diagram describing the method for encryption and decryption in accordance with the present invention.

DESCRIPTION OF THE PREFERRED EMBODIMENT

As used herein the words "encryption", "enciphering" and "encoding" mean conversion of a plain-text message to a secure or cipher-text message, while "decryption", "deciphering" and "decoding" refer to the inverse of this process. As used herein the words "voice", "data", "input data", "output data", and "signal" are intended to include any type of transmitted or received information, including but not limited to audio information, facsimile, video, computer data, graphical data, or combinations thereof.

By way of example and not intended to be limiting, FIG. 1 illustrates a block diagram of a prior art linear feedback shift register 10 comprising shift register 20 having cells 11-18, feedback path 25, output 40, clocking line 201, and adder circuits 50. Linear feedback shift register 10 has input 30 while shift register 20 has input 35.

Also shown in FIG. 1 is control means 60. Input 35 contains signals formed from the sum of the input signal present on input 30 and those from feedback path 25. The signals on feedback path 25 are formed from sums of signals on feedback path 25 and those emergent from designated cells, e.g., cells 15, 17, 18 of shift register 20. Any subset of cells 11-18 comprising shift register 20 may be chosen as designated cells, and shift register 20 may comprise an arbitrary number of cells, with the number and relative positions of designated cells being chosen to suit a particular application.

In operation, input of a logical "one" to input 30 will result in a pseudo-random signal at output 40, according to which cells of linear feedback shift register 10 are chosen as designated cells. To start operation, linear feedback shift register 10 is loaded with a predetermined pattern of "ones" and "zeroes", referred to as a "seed", and a clocking signal is supplied via line 201.

Particular choices or selected seeds together with suitably chosen tap weights yield maximal length pseudo-random codes appearing at output 40 having lengths of 2^M − 1 bits where M represents the number of stages in the shift register. Linear feedback shift registers are well known in the art and are discussed, for example, in U.S. Pat. No. 4,974,184, entitled "Maximum length pseudo-random test pattern generator via feedback network modification", to Lanse Avra, which is incorporated herein by reference.

Linear feedback shift registers such as 10 thus provide a way to generate pseudo-random pulse sequences having greater length than the data, or seed, initially inserted into linear feedback shift register 10 via, for example, input 30. Linear feedback shift registers such as 10 and uses thereof are well known in the art. Control means 60 allows the particular pseudo-random code generated by linear feedback shift register 10 to be externally programmed and to be changed at arbitrary intervals as need arises.

By way of example and not intended to be limiting, linear feedback shift register 10 can be chosen to be a ninety-three stage shift register configured to provide a maximal length sequence. For these parameters, the period of the output pseudo-random bit stream derived from linear feedback shift register 10 at a data rate corresponding to 9600 baud, or 9600 bits per second, is about 3×10^16 years. This provides a good approximation to a random, non-repeating data stream for practical communications systems.

The function provided by linear feedback shift register 10 can also be implemented by means of software, e.g., a computer program which causes a general purpose computer or digital signal processor to emulate the function of linear feedback shift register 10 without necessarily closely resembling a conventional hardware implementation thereof, and without compromising the qualities of the resultant pseudo-random bit stream.

FIG. 2 illustrates a secure communications channel 200, according to the present invention, comprising data input 225, encrypted communications link 235, and data output 245, together with seed inputs 205, 206, linear feedback shift registers 260, 265, pseudo-random sequence outputs 210, 211, data encryption standard devices 270, 275, clocking line 201, 202 and adder circuits 250, 255. Data encryption standard devices 270, 275 including initialization vector input 273, 278 may implement a standardized block cipher algorithm in the Decrypt mode in accordance with United States Government regulations as described in detail in FIPS 81.

In operation, identical random numbers, or seeds, are provided at inputs 205, 206 to linear feedback shift registers 260, 265 having identically chosen tap weights m $ sequences resulting in identical but synchronized pseudo-random sequences at outputs 210, 211.

Initialization vectors specifying the internal settings of data encryption standard devices 270, 275 are supplied via input 273, 278 prior to the onset of encryption/decryption.

Outputs 210, 211 provide these identical pseudo-random sequences to data encryption standard devices 270, 275 to produce identical synchronized traffic key streams at outputs 215, 216.

The plain-text input to adder 250 via input 225 is combined with the traffic key stream from output 215 to produce cipher-text on secure communications link 235. The cipher-text on secure communications link 235 is input to adder 255 and combined with the traffic key stream from output 216, which is synchronized with the cipher-text on communications link 235, to reproduce plain-text at output 245. Adders 250, 255 may comprise, for example, XOR gates.

A particular feature of the invented arrangement is that a single bit error occurring in the encrypted data on communications link 235, e.g., due to noise in the transmission path, results in only a single bit error in the plain-text data from output 245. The error extension effect encountered with prior art arrangements, especially those using DES, is avoided. This significantly improves the robustness of secure communications systems.

FIG. 3 is a flow diagram describing process 300 for encryption and decryption in accordance with the present invention.

Referring now to FIGS. 2 and 3, a random number RN is generated in block 310 and in block 320 is loaded into linear feedback shift registers 260, 265 as a seed. Tap weights are set in block 330 on linear feedback shift registers 260, 265 and a clocking signal is applied thereto in block 340 to start generation of pseudo-random codes at outputs 210, 211. Alternatively, the tap weights may be built-in by suitable hardware connections, such as, for example, by predetermined interconnections on an integrated circuit containing the shift register.

The pseudo-random bit stream from linear feedback shift registers 260, 265 is encrypted in block 360 by, for example, DES-compliant ciphering engines 270, 275 which has been initialized in block 350 with an appropriate initialization vector at inputs 273, 278. The resultant traffic key stream 215, 216 is added in block 370 to a text bit stream 225, 235, for example in adders 250. Due to the symmetry of the addition, process 300 converts plain-text input data to cipher-text output data or cipher-text input data to plain-text output data, when appropriate random number, tap weight, and initialization vector data have been supplied.

This method allows encryption and decryption of digitized voice, modem, facsimile or video data to be accompanied by the integrity associated with the Federal Data Encryption Standard without suffering the error extension properties incurred in prior art implementations thereof. Thus, equipment incorporating this invention can function in contexts where high probabilities of single-bit errors would otherwise strongly discourage use of the Data Encryption Standard.
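The arrangement of FIG. 2 and process 300, next to the prior-art cipher feedback case from the background section, as an added example that is not part of the patent text. DES is replaced by a stand-in 64-bit Feistel function built on SHA-256 so the block runs with the standard library alone, and the LFSR output is fed through 64-bit cipher feedback as one reading of the claims. The key, initialization vector, seed, taps (93, 91), message and corrupted bit position are constructed values.

```python
import hashlib

class LFSR:
    """Fibonacci LFSR; taps are 1-based stage numbers XORed into the feedback."""
    def __init__(self, seed, taps, stages):
        if seed == 0 or seed >> stages:
            raise ValueError("seed must be non-zero and fit in the register")
        self.state, self.taps, self.stages = seed, taps, stages

    def bit(self):
        out, fb = self.state & 1, 0
        for t in self.taps:
            fb ^= (self.state >> (self.stages - t)) & 1
        self.state = (self.state >> 1) | (fb << (self.stages - 1))
        return out

    def block64(self):
        value = 0
        for _ in range(64):
            value = (value << 1) | self.bit()
        return value

def encrypt_block(key, block, rounds=8):
    """Stand-in 64-bit Feistel cipher (NOT DES); SHA-256 is the round function."""
    left, right = block >> 32, block & 0xFFFFFFFF
    for i in range(rounds):
        digest = hashlib.sha256(key + bytes([i]) + right.to_bytes(4, "big")).digest()
        left, right = right, left ^ int.from_bytes(digest[:4], "big")
    return (left << 32) | right

def cfb_encrypt(key, iv, blocks):
    """64-bit cipher feedback: C_i = P_i XOR E(C_{i-1}), with C_0 = IV."""
    out, prev = [], iv
    for block in blocks:
        prev = block ^ encrypt_block(key, prev)
        out.append(prev)
    return out

def cfb_decrypt(key, iv, blocks):
    out, prev = [], iv
    for block in blocks:
        out.append(block ^ encrypt_block(key, prev))
        prev = block
    return out

def traffic_key_stream(seed, taps, key, iv, nblocks, stages=93):
    """Blocks 310-360: seed the LFSR, clock it, encrypt its output in CFB mode."""
    lfsr = LFSR(seed, taps, stages)
    return cfb_encrypt(key, iv, [lfsr.block64() for _ in range(nblocks)])

def combine(data, stream):
    """Block 370 (adders 250, 255): bitwise XOR, identical in both directions."""
    return [d ^ t for d, t in zip(data, stream)]

def bit_errors(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def compare_error_extension():
    # Every value here is constructed for the example, including the taps.
    key, iv = b"example-key", 0x0123456789ABCDEF
    seed, taps = 0x1ACFFC1D5A5A5A5A0F0F0F, (93, 91)
    msg = b"constructed sample message 0001!"
    plain = [int.from_bytes(msg[i:i + 8], "big") for i in range(0, len(msg), 8)]
    flip = 1 << 17  # one bit of block 1 corrupted on the link
    # Arrangement on the page: each terminal derives the stream independently.
    sent = combine(plain, traffic_key_stream(seed, taps, key, iv, len(plain)))
    sent[1] ^= flip
    received = combine(sent, traffic_key_stream(seed, taps, key, iv, len(plain)))
    # Prior-art comparison: the data itself is run through cipher feedback.
    cfb = cfb_encrypt(key, iv, plain)
    cfb[1] ^= flip
    damaged = cfb_decrypt(key, iv, cfb)
    return bit_errors(plain, received), bit_errors(plain, damaged)
```

`compare_error_extension()` returns the number of wrong plain-text bits for each arrangement: exactly one for the LFSR-driven traffic key stream, and more than one when the data itself passes through cipher feedback. Because a flipped cipher-text bit changes only the matching plain-text bit, the combiner gives no indication that the data was altered, so integrity has to come from a separate check.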

Based on the foregoing description, it will be apparent to those of skill in the art that the present invention solves the problems and achieves the goals set forth earlier, and has substantial advantages as pointed out herein. Further the present invention provides a method and apparatus having the integrity of security afforded by the Federal Data Encryption Standard together with the advantages of a low error rate and the self-synchronizing features of block mode data encryption, transmission, reception, and decryption, and without error extension.

While the present invention has been described in terms of particular elements, structures and steps, these choices are for convenience of explanation and not intended to be limiting and, as those of skill in the art will understand based on the description herein, the present invention applies to other choices of elements, arrangements and process steps, and it is intended to include in the claims that follow, these and other variations as will occur to those of skill in the art based on the present disclosure.

What is claimed is: 

1. A cryptographic apparatus comprising:

linear feedback shift register means having a seed input for accepting a random number and having a weighting input for accepting tap weights;

adder means coupled to said linear feedback shift register means, said adder means for combining output from designated cells of said linear feedback shift register means to form an output signal from said linear feedback shift register means comprising a pseudo-random code;

control means coupled to said adder means, said control means for selecting said designated cells of said linear feedback shift register means;

ciphering device means including a Data Encryption Standard ciphering device operating in Cipher Feedback Mode, said ciphering device means coupled to said linear feedback shift register means, said ciphering device means for encrypting the pseudo-random code;

data input means, said data input means for accepting an input digital message; and

data output means, said data output means for providing an output digital message; and

combiner means, one input of said combiner means coupled to said ciphering device means, another input of said combiner means coupled to said data input means, and an output of said combiner means coupled to said data output means, said combiner means for combining signals from said data input means to signals from said ciphering device means to provide output signals to said data output means.

2. The cryptographic apparatus claimed in claim 1, wherein said combiner means comprises an adder circuit.

3. The cryptographic apparatus claimed in claim 1, wherein said Data Encryption Standard ciphering device operates in accordance with Decrypt Mode.

4. The cryptographic apparatus claimed in claim 1, wherein said Data Encryption Standard ciphering device operates in accordance with Encrypt Mode.

5. The cryptographic apparatus claimed in claim 1, wherein said linear feedback shift register means comprises an N-stage linear feedback shift register, wherein N represents a number of stages comprising said N-stage linear feedback shift register and N>25.

6. A cryptographic communications system comprising one or more combinations of:

at least a first cryptographic communications terminal, comprising:

a first linear feedback shift register which is externally programmable at arbitrary intervals to change a particular pseudo-random code generated thereby and having a seed input for accepting a random number and a weighting input for accepting tap weights;

a first ciphering device, said first ciphering device coupled to said linear feedback shift register, said first ciphering device comprising a first Data Encryption Standard ciphering device operating in Cipher Feedback Mode;

a data input;

a first data output; and

a first adder circuit, one input of said first adder circuit coupled to said first ciphering device, another input of said first adder circuit coupled to said data input, and an output of said first adder circuit coupled to said first data output; and

at least a second cryptographic communications terminal comprising:

a second linear feedback shift register which is externally programmable at arbitrary intervals coinciding with said arbitrary intervals at which said first linear feedback shift register is externally programmed to change a particular pseudo-random code generated thereby and having a seed input for accepting a random number and a weighting input for accepting tap weights, said first and second linear feedback shift registers operating to generate the same pseudo-random code;

a second ciphering device, said second ciphering device coupled to said second linear feedback shift register, said second ciphering device comprising a second Data Encryption Standard ciphering device operating in Cipher Feedback Mode;

a second data output; and

a second adder circuit, one input of said second adder circuit coupled to said second ciphering device, another input of said second adder circuit coupled to said first data output, and an output of said second adder circuit coupled to said second data output.

7. The cryptographic communications system claimed in claim 6, wherein one of said first or second cryptographic communications terminals operates to produce an encrypted message from a plain-text message and another of said first or second cryptographic communications terminals operates to produce a plain-text message from said encrypted message.

8. The cryptographic communications system claimed in claim 6, wherein said first and second adder circuits each comprise exclusive-OR means.

9. The cryptographic apparatus claimed in claim 6, wherein said first and second Data Encryption Standard ciphering devices operate in accordance with Encrypt Mode.

10. The cryptographic apparatus claimed in claim 6, wherein said first and second Data Encryption Standard ciphering devices operate in accordance with Decrypt Mode.

11. The cryptographic communications system claimed in claim 6, wherein said data input is a video data input, and said first and second data outputs are video data outputs.

12. The cryptographic communications system claimed in claim 6, wherein said data input is a facsimile signal input, and said first and second data outputs are facsimile signal outputs.

13. The cryptographic communications system claimed in claim 6, wherein said data input is a digitally encoded voice signal input, and said first and second data outputs are digitally encoded voice signal outputs.

14. A method for operation of a ciphering engine comprising the steps of:

providing a random number to a programmable linear feedback shift register;

providing tap weights to the programmable linear feedback shift register;

using the programmable linear feedback shift register to obtain a pseudo-random bit stream;

generating a traffic key stream from the pseudo-random bit stream using a Data Encryption Standard device in Cipher Feedback Mode; and

combining the traffic key stream with an input data stream to produce an output data stream modified by the traffic key stream.

15. The method for operation of a ciphering engine as claimed in claim 14, wherein said generating step further includes the step of using a Data Encryption Standard device in Decrypt Cipher Feedback Mode and operating on the pseudo-random bit stream from the programmable linear feedback shift register to generate a traffic key stream.

16. The method for operation of a ciphering engine claimed in claim 14, wherein said combining step further includes the step of performing a logical exclusive-OR operation to add the input data stream to the traffic key stream.

17. The method for operation of a ciphering engine claimed in claim 14, wherein the input data stream comprises a cipher-text data stream and wherein said combining step comprises the step of decrypting the cipher-text data stream to produce a plain-text output data stream.

18. The method for operation of a ciphering engine claimed in claim 14, wherein the input data stream comprises a plain-text stream and wherein said combining step comprises the step of encrypting the plain-text data stream to produce a cipher-text output data stream.

19. The method for operation of a ciphering engine claimed in claim 14, wherein said using step includes the step of using a programmable linear feedback shift register having N stages, where N is greater than twenty-five, to obtain a pseudo-random bit stream.

* * * * *